The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 11

Monday 13 May 1996


o Massive failure of Washington DC traffic lights
Jeremy J Epstein
o Computer Error in phone bills
Mike Schwartz
o Reactivating Windows95 Screen Savers
Mich Kabay
o Re: AOL censors British town's name!
Xcott Craver
Dave Horsfall
o Re: Odds of an accident for the Challenger
Hal Lewis
Jordin T. Kare
o Internet in danger
Patrick Robin via Gordon Peterson
Bill Frantz
and Martin Minow
o Info on RISKS (comp.risks)

Massive failure of Washington DC traffic lights

Fri, 10 May 1996 09:19:35 -0500
According to the 9 May 1996 *Washington Post*, most traffic lights in
downtown Washington D.C. went onto their weekend pattern (typical: 15
seconds of green per light), rather than their rush hour pattern (typical:
50 seconds of green per light).  This occurred during the Wednesday (8 May)
morning rush hour.  The problem was reportedly caused by a new version of
software installed in the central system that controls all of the traffic
lights, providing timing (so lights turn green in sequence).  The result was
mile-long traffic jams.  One woman reported that her 35-minute commute
turned into 75 minutes, due to the overloaded streets.

By the afternoon rush hour, the software glitch had been "fixed".  It wasn't
clear whether that meant they reloaded the old software or fixed the bug.

Some might consider this a risk of computer controlled systems, and others
might consider it a substantial increase in the nation's productivity: think
of all the lawyers and congresscritters who couldn't get to work!

Computer Error in phone bills

Mike Schwartz, Phoenix Chapter ACM; +1.602.561.1223 <schwartz@ACM.ORG>
Thu, 09 May 1996 20:00:28 +0000 (GMT)
I thought this might be of interest not so much because it made a big splash
in the news recently here in the Phoenix area (both print and broadcast
media), but mainly because it brings back memories of the days when the
phrase "computer error" caught up with and overtook "dog ate my homework".
((When was that, some time in the 60's?))

  THOUSANDS OF US West customers recently got an unpleasant surprise on
  their telephone bills: an erroneous $5 charge for switching to new
  long-distance carriers for certain in-state long-distance calls. The
  billing mistakes were due to a computer error.

Mike Schwartz, Phoenix Chapter ACM, PO Box 47302 Phoenix AZ 85068
(602) 436-4590  Phoenix_Chapter@ACM.ORG

Reactivating Windows95 Screen Savers

Mich Kabay <75300.3232@CompuServe.COM>
06 May 96 09:13:55 EDT
As I reactivated the Windows screensaver this morning after having turned it
off while ago, I suddenly realized that there is a problem with the way
Windows95 handles the reactivation.  Here is a scenario for what can happen:

The user--
1) Sets a password in any Windows95 screen saver.
2) Disables the screen saver for a while.
3) Forgets Windows95 screen-saver password.
4) Forgets that there even _was_ a password on your Windows95 screen saver.
5) Reactivates Windows95 screen saver.

The user has now reactivated the old, forgotten password and will be locked
out (at least temporarily) of Windows95 files) as soon as the user selects
the OK key.

Moral #1: Any software which allows a passworded function to be deactivated
and then reactivated should require that the password be verified before
allowing reactivation.

Moral #2: Before deactivating your Windows95 screen saver for an extended
period, disable the password.

An alternative: to have much the same effect as disabling the Windows95
screen saver, set its delay period to a longer time that is unlikely to
bother you during your normal work cycle (e.g., 15 minutes) rather than
disabling it altogether.

M.E. Kabay, Ph.D. (Kirkland, QC) / Director of Education, National Computer
Security Association (Carlisle, PA) /

Re: AOL censors British town's name! (Miller, RISKS-18.10)

Xcott Craver <>
Wed, 8 May 96 08:21:27 CDT
<> 1) Use PGP.
>This does not help.  What if the output of PGP encryption innocently
>contains the byte sequence 0x63 0x75 0x6E 0x74?  Being gibberish, you didn't
>check - but the computer may, and censor it.  There are similar problems
>with uuencode, rot13, etc.  Sigh!

   There is a public domain computer program known as "figlet."  What it
does is turn text into large letters made of ASCII characters,
            .__  .__ __              __  .__    .__
            |  | |__|  | __ ____   _/  |_|  |__ |__| ______
            |  | |  |  |/ // __ \  \   __\  |  \|  |/  ___/
            |  |_|  |    <\  ___/   |  | |   Y  \  |\___ \
            |____/__|__|_ \\___  >  |__| |___|  /__/____  > /\
                         \/    \/             \/        \/  \/
   Normally, figlet is used only for aesthetic reasons, but certainly one
sees its potential for bypassing "decency filters."  Figlet fonts range
from the huge to the relatively tiny, and it is quite easy to see that a
figletized message will not contain any potentially indecent random strings.
Yet more proof that brute regular-expression searching is an ineffective
method of weeding out indecent speech.

   Of course, aside from the obvious disadvantages of using big, tacky
letters, there is the problem that enough people writing in figlet will
alienate anyone whose online service software uses a proportional font.  I'm
not sure offhand if AOL's interface still does, but a couple years ago
some people on the anti-aol group "" actually advocated piping
articles through figlet for just this reason!

Scott Craver    -- --

Re: AOL censors British town's name! (Miller, RISKS-18.10)

Dave Horsfall <>
Thu, 9 May 1996 18:07:52 +1000 (EST)
In RISKS-18.10, Peter Miller wrote: ``What if the output of PGP
encryption innocently contains the byte sequence 0x63 0x75 0x6E 0x74?''

This actually happened to me!  I always PGP-sign my messages on the
local (amateur) packet radio network, to discourage forgeries, and
many people run a "naughty word" filter to protect themselves.  One
day, my "signature" had the "f" word in it...

Dave Horsfall VK2KFU  Ph: +61 2 9957-4224  Fx: +61 2 9922-5286
FGH Decision Support Systems P/L, 77 Pacific Hwy, Nth. Sydney, 2060, Australia

  [... as did the AUSTRIAN gerundive town name I mentioned in RISKS-18.08,
  which I misattributed as GERMAN.  A correction is noted in the SRI
  archive copy of that issue.  PGN]

Re: Odds of an accident for the Challenger

hal lewis <>
Sat, 11 May 1996 08:38:44 -0800
I didn't want to get involved in the thread that involved NASA's
pre-Challenger risk estimates, but it's probably better to set the record
straight.  (The reason for reluctance is that people who think of risk as a
single probability are usually going to misuse the number they find,
whatever it is. There is more to risk than a probability. Especially when
that number has an uncertainty of more than a factor of ten.)

In the glory days of Apollo NASA had pretty good risk estimates available
(by the standards of those times), but tended to suppress them for reasons
like the one mentioned above. If you say that the risk of failure is one in
a hundred, give or take a factor of ten, your decision is likely to be
different for a chance in ten and for a chance in a thousand, so the people
who made the decisions found that the risk estimates didn't help them much.
And they didn't care about the social and scientific benefits of actually
knowing something.  (That's a pattern throughout the risk business, that
people cling to bottom-line numbers as if they were gospel, either not
caring about uncertainties or not understanding them.)

Anyway, NASA lost interest in risk analysis, but there were still a few
competent people toiling away and making the estimates. By the time of
Challenger there were decent (within a factor of ten or so) estimates
available at NASA HQ, but the upper management treated them like the
Apocrypha. And the attitude spread (largely because of the beneficial
politics) that space travel was now "safe," leading to the mindset that
Feynman found in the engineers he talked to after the accident. They really
believed (in part because they didn't understand probability) that risks of
a chance in 100,000 were about right, despite all the evidence in the world
that that was a fantasy.  (I also interviewed lots of NASA people after the
accident, and found the same syndrome.)

Through it all, there were people at HQ who had pretty good analysis.  There
were also lots of little things (like the hydrazine fire potential) in which
risk analysis revealed a hazard that top management talked its way around.
(Just a few months ago we found NASA management redefining the risk criteria
just to avoid holding up a launch---that's the sort of thing that led
directly to Challenger.)  People who spoke about risk at HQ were treated as
if they had leprosy (I tell you that from personal experience.) And out in
the field, people took their cues from HQ. I personally asked Jim Fletcher
(twice Administrator of NASA, including the period after the accident) to go
public with risk estimates, and he always said he'd consider it. You can't
sell that kind of promise for much in Washington.

Finally, after Jim had left NASA, he was asked at some public meeting what
the risk of a disaster was, and he actually answered. He said a chance in
seventy-two. There was indeed such a number available in an internal NASA
report, but with the usual admonition of real experts that it's probably
good to around a factor of ten. The author of that report, who is indeed a
real expert, was horrified that the bottom line had been mentioned without
the uncertainty. The same old reason---people will believe it to be TRUE,
and bad decisions will be made.

So this is a case in which, as Alexander Pope would have said, a little
knowledge is a dangerous thing. Some well-meaning people at NASA disliked
bottom lines because they were of little help in making the necessary
bottom-line decisions, while many of the engineers simply didn't understand
risk at all. Whenever anyone says that something is "safe' or "unsafe," they
don't understand risk. Through it all, decent analyses did exist, and were
available to, but ignored by, all the top management. It's still that way.

My judgment, not based on access to any recent analysis, is that the
probability of a disaster hasn't changed a great deal in recent years, but
that NASA management's complacency grows with each launch that is free of
disaster. Since the laws of probability never sleep, but people do, the
outcome is predictable. I once asked an astronaut (in connection with a
proposed change) whether he'd be willing to fly on top of that thing. His
answer (loosely quoted) was "Sure, because I'm an intrepid sort, but I
wouldn't want my best friends on the same flight." It's as wrong to let risk
paralyze you as it is to underestimate it. And it's a scam on the citizenry
to quote risk in terms of a single probability number. To say nothing of the
astronauts, who are a pretty good bunch. As Clint Eastwood would have said
if Dirty Harry had been an author, read my book.

Hal Lewis

Re: Odds of an accident for the Challenger (Green, RISKS-18.10)

Jordin T. Kare <>
Wed, 8 May 96 13:25:48 PDT
>I have Volume I of the Report of the Presidential Commission on the Space
>Shuttle Challenger Accident (U.S.  Gov't Printing Office, June 6th, 1986).
>Nowhere in this volume could I find a reference to the numerical odds
>of a shuttle accident.

In Volume II of "Technical Report on Preliminary Risk Assessment for Nuclear
Waste Disposal in Space", (E.E.Rice, NASA CR 162029, 2/28/82) there is a
discussion of Shuttle failure probability from early in the Shuttle flight
era.  On P. 57, under "Standard (SRB) Space Shuttle":

"NASA does not publish or have in its possession 'official' reliability or
failure rate data for the space shuttle.... Plans are to continuously
upgrade problem areas as they are encountered on flights.  The failure rates
for the Shuttle are actually corollaries to ALARA (As Low As Reasonably
Achievable, as in nuclear radiation risk)"

So there was no "official" reliability estimate.  But the very next
paragraph says:

"Because of a NASA need to evaluate whether or not a destruct system on the
Shuttle during the early portion of the flight is worthwhile, NASA
contracted with Wiggins Company, Redondo Beach, CA, to perform a study
involving the hazards to the public of a failing Shuttle (Baeker, 1981).
Another Wiggins study (Hudson, 1979) has also been conducted for the later
portions of the flight profile to evaluate hazards when flying nuclear
payloads (e.g., Galileo).  The failure rates developed in these studies were
based upon data developed for hardware in WASH-1400 (US NRC, 1975) and upon
NASA committee reliability estimates for the SRB.  The analysis was
accomplished for only single-point failure modes, as have been identified in
[various NASA and Rockwell references].  The Wiggins data also includes
changes/modifications to failure rates resulting from an in-depth review by
NASA Space Shuttle engineers...."

There's a summary table of results from the Wiggins study, which I won't
reproduce in full, but a few of the entries are:

Failure mode                    Failure rates
                                mean            lower           upper
1. Tipover on pad               3.3E-5          1.6E-5          6.0E-5
2. Loss of control and Tumble           2.0E-3 to 2.0E-4
5. Corkscrew motion from
        SRB TVC failure         4.2E-7          2.3E-7          7.4E-7
6. Ext. Tank Punctured
        Liftoff to Staging      2.0E-7          8.4E-8          4.6E-7
...and so on

The dominant failure mode is Loss of Control and Tumble, at 1-in-500, which
has a footnote: "Engineering Judgement from NASA for man-rated solid
propellant boosters."

Interestingly, there's a second set of data for a modified Shuttle with
liquid-fuel boosters, for which the highest failure probability is Liquid
Booster Recontact at Separation, 1.3E-5.  So a Shuttle with liquid boosters
was estimated to be about 15 to 150 times safer than one with solids.

The appendix to this report has much more detailed breakdown of the risk
analysis, for the Shuttle itself and for other potential failure modes for
nuclear waste disposal.

[References were:
Baeker, J.B., 1981, Space Shuttle Range Safety Hazards Analysis,
Tech. Report 81-1329, J.H. Wiggins Co., Redondo Beach, CA.

Hudson, J.M., 1979, Development of STS Failure Probabilities,
MECO to Payload Separation, Tech Rpt 79-1395, J.H. Wiggins Co....]

Jordin Kare

Internet in danger

Fri, 10 May 1996 15:14:15 -0700
(via (Bill Frantz) and (Martin Minow))

The following was distributed to Cypherpunks. I have not verified it (or
summarized it). The translation appears accurate, however.  Martin Minow

---- Attachment follows ----

You think we're having problems here in the USA with the idiotic CDA, right?
I just received the following message from a colleague and friend who
operates a large ISP in Paris, France.  The translation is mine, and I can't
assure its total accuracy, (anyone who sees an error on my part, please
correct it for me).  I'm leaving the original French so that the original
intent of the message can be viewed.  [Bill Frantz]

<---- Begin Forwarded Message ---->
Date: Thu, 9 May 1996 19:42:12 +0200
>From: Communication client <>
Subject: Internet en danger

>                               Cher(e)s abonne(e)s,

Dear Subscribers,

> Nous n'avons malheureusement plus la possibilite de vous laisser acceder
au service de News.  Exception faite des news world-net.communnaute,,

Unfortunately, we no longer have the possibility to let you access Usenet.
The only exceptions are the newsgroups "world-net.communnaute",
"", and "".

>     En effet, la justice francaise rend actuellement World-Net responsable
de tout ce qui est diffuse sur Internet ; j'ai ete personnellement, en tant
que responsable de World-Net, mis en examen hier parce que des images a
caractere pedophile, venant de l'autre bout du monde etaient accessibles
par notre service de News. Aujourd'hui les news, demain peut-etre le web.

The French courts currently hold World-Net responsible for everything which
is distributed on the Internet; I was personally, as director of World-Net,
interrogated yesterday because some pedophile images, coming from the other
end of the world, were accessible through our News server.  Today Usenet,
tomorrow perhaps the Web.

> La majorite d'entre vous connait le fonctionnement du reseau Internet et
sait bien que World-Net n'est que votre transporteur sur ce reseau.
Cependant nous n'avons pas le choix.

The majority of you understand the functioning of the Internet network and
clearly realize that World-Net provides merely your access to this network.
It's not a matter of our choice.

>   Nous diffuserons sur notre serveur Web l'ensemble des informations citees
dans la presse et a la television concernant ce dossier.

We will distribute via our Web server complete information as cited in the
press and on television concerning this whole affair.

> Si vous voulez soutenir World-NET, envoye un mail de soutien a

If you want to support World-NET, send a mail message of support to

>     Sebastien Socchard
 Directeur de World-Net.

(director of World-Net)

>Ci-joint le communique de presse de l'A.F.P.I., que nous remercions pour
leur soutient :

Here is the press release from the A.F.P.I., which we thank for their
      Association Fran=C1aise des Professionnels d'Internet

      French Association of Internet Professionals

>                    Mardi 7 Mai 1996

Tuesday, May 7, 1996

>  Affaire: Newsgroups/Pedophilie/Internet: deux dirigeants en gardes a vue.

Affair:  Newsgroups/Pedophilia/Internet:  Two directors <translation?>

> Resume: "Nous demandons a l'ensemble des providers fran=C1ais et des
administrateurs des reseaux d'universites de fermer l'acces a tous les
Newsgroups, afin que plus un seul Newsgroup ne soit accessible du territoire
fran=C1ais, du moins tant que les fournisseurs d'acces n'auront pas en
France un statut clair".

Summary: "We ask all French ISPs and administrators of University networks
to close access to all Usenet newsgroups, such that no longer will even one
single Newsgroup will be accessible from French territory, at least until
French ISPs have a clear legal position within France."

> Depuis 48h00 les deux dirigeants des societes FranceNet et WorldNet sont
en garde a vue pour avoir simplement fait leur metier consistant a fournir
l'acces a l'Internet...

Since about 48 hours, two directors of French companies, "FranceNet" and
"WorldNet" are <translation?> for having simply done their job, consisting
of providing access to the Internet...

> En effet, la Section de Recherches de Paris de la gendarmerie Nationale a
procede lundi a leurs arrestations et a la saisie de leurs materiels, pour
avoir diffuse au travers des Newsgroups des images pedophiles.  Ces
Newsgroups et les images qu'ils abritent, sont tous produits a l'etranger et
rapatries comme le font la plupart des fournisseurs d'acces fran=C1ais via
les serveurs de News de Transpac, filiale de France Telecom.

The Research Section in Paris of the National Gendarmes started on Monday
their arrests and seizures of equipment, for having distributed pedophile
images through the Usenet newsgroups.  These Newsgroups and the images they
contained (?) are all originated abroad and brought into France as is done
by the majority of French access providers via the News servers of Transpac,
which is a subsidiary of France Telecom.

> Alors que la justice, dans une affaire similaire mais liee cette fois a
des contenus racistes ou revisionnistes presents sur l'internet, ne s'est
pas encore prononces a l'encontre de neuf fournisseurs d'acces, alors que le
ministere des Postes et des Telecommunication, au travers de son ministre
Fran=C1ois Fillon assurait encore recemment qu'en aucun cas les fournisseurs
d'acces ne pouvaient =CDtre tenus pour responsables des contenus qu'ils ne
produisaient pas et qui circulaient sur l'internet, alors que le
lieutenant-colonel Browne, commandant la SR de Paris, reconnait lui meme que
les serveurs en question recevaient, stockaient et distribuaient (tout comme
Transpac) mais ne produisaient pas ces Newsgroups, deux hommes, deux chefs
d'entreprises sont aujourd'hui en prison simplement parce que les autorites
n'ont toujours rien compris a l'Internet et a son fonctionnement.

The [French] courts, in a similar case but this time based on racist or
revisionist contents present on the Internet, have not yet passed their
judgement regarding nine ISPs, although the Ministry of Post and
Telecommunications, through its minister Francois Fillon, stated again
recently that in no case can access providers be held responsible for
content that they do not produce and which circulates via the Internet, and
although Lieutenant-Colonel Browne, commander of the Research Section in
Pairs, admitted himself that the servers in question receive, store, and
distribute (the same as Transpac), but do not produce these Newsgroups, two
men, two company directors, are today in prison simply because the
authorities still haven't understood anything about the Internet and its

>La plupart des providers rapatrient de 6 a 8 000 Newsgroups chaque jour,
soit plusieurs centaines de milliers de messages, pouvant egalement contenir
des images. Parmi ces messages ils y a incontestablement des contenus
contraire a la loi fran=C1aise (sans doute moins de 5%), tout comme il peut
en circuler par la poste, ou dans les soutes a bagage d'Air France.  Il est
materiellement impossible pour un provider de controler l'ensemble du
contenu des messages des Newsgroups, il lui est eventuellement possible de
supprimer l'acces a ceux dont le titre est de fa=C1on evidente contraire a
la loi (ex.alt.binaries.pedophilia...), ce qui n'empechera pas le lendemain
de voir surgir un nouvel intitule pour remplacer le Newsgroup censure.
Depuis plusieurs mois deja les membres de l'AFPI (Association des
Professionnels de l'Internet) dont FranceNet est l'un des fondateurs, ont
spontanement decide de supprimer l'acces a une vingtaine de Newsgroups dont
le simple libelle ne laissait aucun doute quant au caractere illegal de
leurs contenus.

The majority of providers import from six to eight thousand Newsgroups each
day, therefore several hundred thousand messages, any of which could also
contain images.  Among these messages there are incontestably some contents
which are contrary to French law (no doubt less than 5%), just as they could
circulate through the mails, or in the baggage holds of Air France.  It is
materially impossible for a provider to check the contents of all Newsgroup
messages; it is possible to block access to those whose title is clearly
contrary to the law (e.g. alt.binaries.pedophilia...), which wouldn't
prevent the following day to see a new group appear to replace the censored
one.  Since several months already, the members of the AFPI (Association of
Internet Professionals), of which FranceNet is one of the founders, have
spontaneously decided to suppress the access of about twenty Newsgroups
whose title left no doubt as to the illegal character of their contents.

> Aujourd'hui ce sont les Newsgroups qui sont vises, demain ce sera sans
doute le tour du Web. Si les fournisseurs d'acces, qui nous ne le
repeterons jamais assez, ne sont que de simples transporteurs facilitant
l'acces a un reseau, peuvent =CDtre emprisonnes, avec comme simple piece a
conviction un contenu produit au Canada ou en Australie, nous allons
assister purement et simplement a la mort de l'internet en France.

Today it is the Newsgroups which are wiped out, tomorrow it will be
doubtless the Web's turn.  If access providers, which we can never emphasize
enough, are but the simple transporters facilitating access to a network,
can be imprisoned, due to the singular cause of an item produced in Canada
or in Australia, we are going to see, purely and simply, the death of the
Internet in France.

>En signe d'indignation, de protestation et de solidarite envers nos
confreres =46ranceNet et Worldnet, le fournisseur d'acces ImagiNet,
egalement membre fondateur de l'AFPI, a decide de fermer purement et
simplement l'acces a tous les Newsgroups. Nous demandons a l'ensemble des
providers fran=C1ais et des administrateurs des reseaux d'universites d'en
faire autant afin que plus un seul Newsgroup ne soit accessible du
territoire fran=C1ais, du moins tant que les fournisseurs d'acces n'auront
pas en France un statut clair.

As a symbol of indignation, of protest, and of solidarity with our brothers at
=46ranceNet and WorldNet, the access provider ImagiNet, also a founding
 member of the AFPI, has decided to purely and simply close access to all
newsgroups.  We ask all French ISPs and administrators of University
networks to do the same, such that no longer will as much as a single
Newsgroup will be accessible from =46rench territory, at least until access
providers in France have a clear legal status.

>Nous esperons sincerement que cet appel sera suivit par l'ensemble des
prestataires de connexion internet.

We sincerely hope that this call will be followed by all Internet access

>Nous nous excusons aupres de nos abonnes pour la gene ainsi occasionnee par
une telle decision, mais nous savons que vous la comprendrez et que la
majorite d'entre vous nous soutiendrons dans cette action.

We ask the understanding of our subscribers for the inconvenience caused by
such a decision, but we know that you will understand and that the majority
of you support us in this action.

>          Patrick Robin
           President d'ImagiNet.
           Tel 43 38 10 24

<----  End Forwarded Message  ---->

Please feel free to forward this message to all appropriate venues.  "If we
don't all hang together, we shall assuredly all hang separately."  ---Thomas
Jefferson (?)

Gordon Peterson

Please report problems with the web pages to the maintainer